
First steps in Computer Forensics: Securing your network

No matter how secure your infrastructure is, sooner or later you will become a victim of a computer crime. Someone may point a DDoS (Distributed Denial of Service) attack at your services, may sniff your network, or may copy/delete confidential information. You may not even realize such a thing has happened. However, in an organized and secured network, you will be notified at the first signs of an attack. Now what? Your first normal reaction would be to stop the attack with whatever means possible. However, that may not be the best response. If you don’t possess the needed knowledge yourself, it might be a good idea to leave the crime scene as it is and let a computer forensics investigator deal with it. Let’s focus on the steps that the investigator would take. You may choose to take these steps alone but you will most likely not have all the necessary support tools and systems for that.

  1. Document the system – name, date, time, purpose, hardware, software, it all matters.
  2. Collect evidence – all the information about the attack should be securely taken off the target system. This is usually done with dedicated software that hashes everything it collects, so the information can be shown to be unaltered and used as formal evidence for prosecution. The evidence usually collected includes active network connections, the processes loaded into memory, and a copy of everything on the disk together with the respective creation, modification, and access times. The collector should be confident about the security of the system used to store and analyze the copied evidence. Only after this step is it beneficial to unplug or shut down the affected system. If the affected system saves its logs on a remote server, copy them as well; they are less likely to have been compromised by the attack. On Linux, a program can keep running even after its file has been deleted. You can search for such programs with the command: file /proc/[0-9]*/exe | grep "(deleted)" . To copy the executable image of one of them out of memory, use: /bin/dd if=/proc/<pid>/exe of=filename (where <pid> is the process ID reported by the first command).
  3. Recreate the timeline of the attack – once all the information is copied to a secured workstation, the timeline of the attack can be recreated from the creation, modification, and access times of all the files. This should be done before any further analysis, because the other steps can change the original timestamps of the files. The timeline will show the last executed file, the last created/deleted folder, executed
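The two commands in step 2 can be combined into a small collection routine. The script below is an added example, not part of the original post: it enumerates processes whose executable has been unlinked on disk, copies the still-mapped image out of /proc with dd, and records a SHA-256 of each copy in a manifest so the evidence can later be shown to be unchanged. The first argument to each function (the /proc root) is an assumption made so the functions can be exercised against a constructed directory tree; on a live system it is simply /proc.

```shell
#!/bin/sh
# Added example (not from the original post): collect deleted-but-running
# executables from /proc and hash each copy so it can serve as evidence.
# PROC_ROOT is passed explicitly so the functions can be run against a
# constructed tree; on a real system pass /proc.

# Print "<pid> <link target>" for every <proc_root>/<pid>/exe whose target
# ends in " (deleted)", i.e. the binary was removed while still running.
find_deleted_exes() {
    proc_root="${1:-/proc}"
    for exe in "$proc_root"/[0-9]*/exe; do
        [ -L "$exe" ] || continue                 # kernel threads have no exe link
        target=$(readlink "$exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                pid=${exe%/exe}; pid=${pid##*/}
                printf '%s %s\n' "$pid" "$target" ;;
        esac
    done
}

# Copy one running executable image out of /proc into <outdir>/pid-<pid>.exe
# and append its SHA-256 to <outdir>/manifest.sha256.  dd on /proc/<pid>/exe
# reads the mapped binary even though its directory entry is gone, which is
# the same copy the post describes.  Prints the path of the copy.
collect_exe() {
    proc_root="$1"; pid="$2"; outdir="$3"
    mkdir -p "$outdir" || return 1
    name="pid-$pid.exe"
    dd if="$proc_root/$pid/exe" of="$outdir/$name" bs=4096 2>/dev/null || return 1
    # Hash with a relative name so the manifest can be verified from any location.
    (cd "$outdir" && sha256sum "$name" >> manifest.sha256) || return 1
    printf '%s\n' "$outdir/$name"
}

# Re-check every collected file against the manifest; non-zero if any changed.
verify_manifest() {
    (cd "$1" && sha256sum -c --quiet manifest.sha256)
}

# Collect every deleted-but-running executable on this host into <outdir>.
# Usage: collect_all_deleted /proc ./evidence
collect_all_deleted() {
    proc_root="$1"; outdir="$2"
    find_deleted_exes "$proc_root" | while read -r pid _; do
        collect_exe "$proc_root" "$pid" "$outdir"
    done
}
```

Run `collect_all_deleted /proc ./evidence` on the affected host and keep the manifest with the copies; `verify_manifest ./evidence` on the analysis workstation confirms nothing changed in transit. The evidence directory should live on removable or network storage that the compromised host cannot modify afterwards, for the same reason the post recommends copying remote logs.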
Read the full post
Category: Security

How To Protect Your Network: Monitoring ISA Server with Monitis

In this article we discuss monitoring Microsoft Internet Security and Acceleration (ISA) Server with Monitis using a custom monitor that you can add to the Monitis dashboard. Microsoft provides the ISA Server Performance Monitor tool to analyze ISA Server performance. The ISA Server Performance Monitor is installed together with ISA Server, but if you are already monitoring a number of servers in your environment, the Monitis dashboard offers an integrated way to monitor ISA Server alongside your other monitored systems.
Read the full post

Category: Monitoring Scripts, Network Monitoring, Security, Sysadmin Tools, Windows Servers Monitoring

How To Protect Your Network: Microsoft ISA Firewall Server Best Practices

This is the third article in our series “Protecting Your Network”. We previously discussed common firewall best practices and compared some of the most popular products for managing your network security. In this article we’ll focus on best practices specific to Microsoft Internet Security and Acceleration (ISA) Server.
Read the full post

Category: Security, Sysadmin Tools, Windows Servers Monitoring

Linux: Secure as a brick


People who are familiar with me know that there are two things I’m not forgiving about. The first is backups, the second is security.

If backups interest you, perhaps we can discuss it some other time. This time we’re going to discuss security.

In the following article I’m going to outline some of the best practices I’ve learned over the years and help you “harden” your Linux server, or, as I like to put it, “almost brick it up, but not just yet”.

While reading this article, I suggest also reading this article, as we both try to tackle the same issues. I believe both articles eventually represent the same views in a different guise.

All of the ideas I’m coming up with are already implemented in shk. I suggest downloading shk, reviewing the code and using it.

Read the full post

Category: cloud computing, Security, Sysadmin Tools

About Monitis

Monitis GFI is a specialist provider of web and Cloud monitoring services that include website monitoring, site load testing, transaction monitoring, application and database monitoring, Cloud resource monitoring, and server and internal network monitoring within one easy-to-use dashboard. Over 100,000 users worldwide have chosen Monitis as their provider of choice to increase uptime and user experience of their services and products. What makes Monitis' solutions different is that they are fast to deploy, feature-rich in technology and provide a comprehensive single-pane view of on-premise and off-premise infrastructure and applications.
